INTSTATUS IntLixMmGetInitMm(QWORD *InitMm)
Find the address of the "init_mm" variable inside the kernel.
INTSTATUS IntLixVmaAdjust(void *Detour)
Detour handler for in-guest functions adjusting VMA ranges.
INTSTATUS IntLixMmFindVmaRange(QWORD Gva, LIX_TASK_OBJECT *Task, QWORD *VmaStart, QWORD *VmaEnd)
Finds the VMA limits that contain an address.
int INTSTATUS
The status data type.
INTSTATUS IntLixVmaRemove(void *Detour)
Detour handler for functions that unmap memory for processes.
void IntLixMmDestroyVmas(LIX_TASK_OBJECT *Task)
Remove protection for the VMAs belonging to a process.
INTSTATUS IntLixVmaInsert(void *Detour)
Detour handler for "__vma_link_rb" function.
QWORD Start
Start of the memory described by the VMA.
INTSTATUS IntLixVmaChangeProtection(void *Detour)
Detour handler for "change_protection" function.
LIX_VMA * IntLixMmFindVmaByRange(const LIX_TASK_OBJECT *Process, QWORD Address)
Checks whether a memory address inside a process is being protected and returns the corresponding LIX_VMA s...
INTSTATUS IntLixMmFetchVma(LIX_TASK_OBJECT *Task, QWORD Address, LIX_VMA *Vma)
Retrieve information about a VMA structure containing a user mode address.
QWORD End
End of the memory described by the VMA.
void * Hook
The EPT hook placed on the VMA when it is being protected.
QWORD Flags
Flags for the VMA.
LIX_TASK_OBJECT * Process
Process owning the VMA.
QWORD Gva
The guest virtual address of the vm_area_struct this structure is based on.
void IntLixMmListVmas(QWORD Mm, LIX_TASK_OBJECT *Process)
INTSTATUS IntLixMmPopulateVmas(LIX_TASK_OBJECT *Task)
Populate the Introcore VMAs linked list by iterating the one inside the guest.
LIX_VMA * IntLixMmFindVma(LIX_TASK_OBJECT *Task, QWORD Vma)
Finds a protected VMA inside a process VMA list.
LIST_ENTRY Link
Linked list entry.
INTSTATUS IntLixVmaExpandDownwards(void *Detour)
Detour handler for "expand_downwards" function.
QWORD File
The Gva of the file this VMA maps to. Can be 0, which means this VMA is not a memory-mapped file...
struct _LIX_VMA * PLIX_VMA